@bagelink/auth 1.7.72 → 1.7.76

package/dist/index.mjs

@@ -1077,7 +1077,7 @@ const _sfc_main$4 = /* @__PURE__ */ defineComponent({
     const authResponse = ref(null);
     const { sso: sso2, user, accountInfo: accountInfo2 } = useAuth();
     const route = useRoute();
-    const router = useRouter();
+    const router2 = useRouter();
     const providerInfo = computed(() => {
       if (provider.value === null) return null;
       return providers[provider.value];
@@ -1087,7 +1087,7 @@ const _sfc_main$4 = /* @__PURE__ */ defineComponent({
       try {
         await sso2.handleLinkCallback();
         success.value = true;
-        setTimeout(() => router.push("/"), timeout);
+        setTimeout(() => router2.push("/"), timeout);
       } catch (err) {
         const errorMessage = err instanceof Error ? err.message : "Failed to link account";
         error.value = errorMessage;
@@ -1106,7 +1106,7 @@ const _sfc_main$4 = /* @__PURE__ */ defineComponent({
         } else {
           authResponse.value = response;
           success.value = true;
-          setTimeout(() => router.push("/"), timeout);
+          setTimeout(() => router2.push("/"), timeout);
         }
       } catch (err) {
         const errorMessage = err instanceof Error ? err.message : "Authentication failed";
@@ -1237,10 +1237,10 @@ const _sfc_main$3 = /* @__PURE__ */ defineComponent({
     cardShadow: { type: Boolean, default: true }
   },
   setup(__props) {
-    const router = useRouter();
+    const router2 = useRouter();
     function switchForm(form) {
       if (form === "login") {
-        router.push("/login");
+        router2.push("/login");
       }
     }
     return (_ctx, _cache) => {
@@ -1281,12 +1281,12 @@ const _sfc_main$2 = /* @__PURE__ */ defineComponent({
     cardShadow: { type: Boolean, default: true }
   },
   setup(__props) {
-    const router = useRouter();
+    const router2 = useRouter();
     function switchForm(form) {
       if (form === "signup") {
-        router.push("/signup");
+        router2.push("/signup");
       } else if (form === "forgot-password") {
-        router.push("/forgot-password");
+        router2.push("/forgot-password");
       }
     }
     return (_ctx, _cache) => {
@@ -1327,12 +1327,12 @@ const _sfc_main$1 = /* @__PURE__ */ defineComponent({
     cardShadow: { type: Boolean, default: true }
   },
   setup(__props) {
-    const router = useRouter();
+    const router2 = useRouter();
     const route = useRoute();
     const token = computed(() => route.query.token);
     function switchForm(form) {
       if (form === "login") {
-        router.push("/login");
+        router2.push("/login");
       }
     }
     return (_ctx, _cache) => {
@@ -1364,10 +1364,10 @@ const _sfc_main = /* @__PURE__ */ defineComponent({
     cardShadow: { type: Boolean, default: true }
   },
   setup(__props) {
-    const router = useRouter();
+    const router2 = useRouter();
     function switchForm(form) {
       if (form === "login") {
-        router.push("/login");
+        router2.push("/login");
       }
     }
     return (_ctx, _cache) => {
@@ -1389,70 +1389,56 @@ const _sfc_main = /* @__PURE__ */ defineComponent({
     };
   }
 });
-function createAuthRoutes(config = {}) {
-  const {
-    basePath = "",
-    namePrefix = "",
-    routeNames = {},
-    layout
-  } = config;
-  const createRouteName = (name) => namePrefix ? `${namePrefix}${name}` : name;
-  const routes = [
-    {
-      path: `${basePath}/login`,
-      name: routeNames.login || createRouteName("Login"),
-      component: () => import("./LoginPage-klj1NV4J.js"),
-      meta: { requiresAuth: false }
-    },
-    {
-      path: `${basePath}/signup`,
-      name: routeNames.signup || createRouteName("Signup"),
-      component: () => import("./SignupPage-oUFYApYW.js"),
-      meta: { requiresAuth: false }
-    },
-    {
-      path: `${basePath}/forgot-password`,
-      name: routeNames.forgotPassword || createRouteName("ForgotPassword"),
-      component: () => import("./ForgotPasswordPage-DvttMGb0.js"),
-      meta: { requiresAuth: false }
-    },
-    {
-      path: `${basePath}/reset-password`,
-      name: routeNames.resetPassword || createRouteName("ResetPassword"),
-      component: () => import("./ResetPasswordPage-nvQ4uupb.js"),
-      meta: { requiresAuth: false }
-    },
-    {
-      path: `${basePath}/callback`,
-      name: routeNames.callback || createRouteName("AuthCallback"),
-      component: () => import("./Callback-C-XghN_z.js"),
-      meta: { requiresAuth: false }
-    }
-  ];
-  if (layout) {
-    return [{
-      path: basePath,
-      component: layout,
-      children: routes.map((route) => ({
-        ...route,
-        path: route.path.replace(basePath, "")
-      }))
-    }];
+function getRedirectUrl(router2, config) {
+  const redirect2 = router2.currentRoute.value.query[config.queryKey];
+  return redirect2 || config.fallback;
+}
+function isValidRedirect(redirectUrl, allowedPaths) {
+  if (!redirectUrl) {
+    return false;
   }
-  return routes;
+  if (redirectUrl.startsWith("http://") || redirectUrl.startsWith("https://")) {
+    return false;
+  }
+  if (redirectUrl.startsWith("//")) {
+    return false;
+  }
+  if (redirectUrl.startsWith("javascript:") || redirectUrl.startsWith("data:")) {
+    return false;
+  }
+  if (!redirectUrl.startsWith("/")) {
+    return false;
+  }
+  if (allowedPaths && allowedPaths.length > 0) {
+    return allowedPaths.some((pattern) => pattern.test(redirectUrl));
+  }
+  return true;
 }
-function createAuthGuard(config = {}) {
-  const { redirectTo = "/" } = config;
-  return async (to, _from, next) => {
-    const { useAuth: useAuth2 } = await Promise.resolve().then(() => useAuth$1);
-    const { user } = useAuth2();
-    if (to.meta.requiresAuth === false && user.value) {
-      next(redirectTo);
-    } else {
-      next();
-    }
-  };
+async function performRedirect(router2, config) {
+  const redirect2 = getRedirectUrl(router2, config);
+  if (redirect2 !== config.fallback && !isValidRedirect(redirect2, config.allowedPaths)) {
+    console.warn("[Auth] Invalid redirect URL detected, using fallback:", redirect2);
+    await router2.push(config.fallback);
+    return;
+  }
+  await router2.push(redirect2);
 }
+function buildLoginQuery(currentPath, config) {
+  if (!config.preserveRedirect) {
+    return {};
+  }
+  if (isValidRedirect(currentPath, config.allowedPaths)) {
+    return { [config.queryKey]: currentPath };
+  }
+  return {};
+}
+const redirect = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
+  __proto__: null,
+  buildLoginQuery,
+  getRedirectUrl,
+  isValidRedirect,
+  performRedirect
+}, Symbol.toStringTag, { value: "Module" }));
 let authApiRef = null;
 function setAuthContext(authApi2) {
   authApiRef = authApi2;
@@ -1900,9 +1886,34 @@ function accountToUser(account) {
     lastLogin: account.last_login
   };
 }
+const DEFAULT_REDIRECT_CONFIG = {
+  queryKey: "redirect",
+  fallback: "/",
+  noAuthRoutes: ["Login", "Signup", "ForgotPassword", "ResetPassword", "Callback"],
+  authenticatedRedirect: "/",
+  loginRoute: "Login",
+  authMetaKey: "auth",
+  autoRedirect: true,
+  preserveRedirect: true
+};
+function normalizeRedirectConfig(config) {
+  return {
+    ...DEFAULT_REDIRECT_CONFIG,
+    ...config
+  };
+}
 let authApi = null;
 let eventEmitter = null;
+let redirectConfig = null;
+let autoRedirectRouter = null;
+let cachedAuthGuard = null;
 const accountInfo = ref(null);
+function getRedirectConfig() {
+  if (!redirectConfig) {
+    throw new Error("Redirect config not initialized. Did you call createAuth with redirect config?");
+  }
+  return redirectConfig;
+}
 function createAuth(params) {
   if (authApi === null) {
     authApi = new AuthApi(params.baseURL);
@@ -1910,7 +1921,13 @@ function createAuth(params) {
   if (eventEmitter === null) {
     eventEmitter = new EventEmitter();
   }
-  return {
+  if (params.redirect) {
+    redirectConfig = normalizeRedirectConfig(params.redirect);
+  }
+  if (redirectConfig == null ? void 0 : redirectConfig.autoRedirect) {
+    setupAutoRedirect();
+  }
+  const authInstance = {
     // Event listener methods
     on(event, handler) {
       if (eventEmitter) {
@@ -1927,10 +1944,89 @@ function createAuth(params) {
         eventEmitter.removeAllListeners(event);
       }
     },
+    /**
+     * Connect external dependencies like Vue Router
+     * Automatically sets up router guard when router is provided
+     * @param dependency - Vue Router instance or other plugins
+     * @param options - Configuration options
+     * @param options.guard - Whether to automatically set up auth guard (default: true)
+     * @example
+     * ```ts
+     * // Auto setup (default)
+     * auth.use(router)
+     *
+     * // Manual guard control (for custom composition)
+     * auth.use(router, { guard: false })
+     * router.beforeEach(async (to, from, next) => {
+     *   // Custom logic first
+     *   if (!hasOrgAccess(to)) return next('/no-access')
+     *   // Then run auth guard
+     *   return auth.routerGuard()(to, from, next)
+     * })
+     * ```
+     */
+    use(dependency, options = {}) {
+      const { guard = true } = options;
+      if (dependency && (dependency.beforeEach || dependency.push || dependency.currentRoute)) {
+        autoRedirectRouter = dependency;
+        if (guard) {
+          dependency.beforeEach(authInstance.routerGuard());
+        }
+      }
+      return authInstance;
+    },
+    /**
+     * Create a Vue Router navigation guard for authentication
+     * Protects routes requiring authentication and handles redirect logic
+     * Note: Automatically called by auth.use(router), only use directly for custom setups
+     * @example
+     * ```ts
+     * // Automatic (recommended)
+     * auth.use(router)
+     *
+     * // Manual (for custom setups)
+     * router.beforeEach(auth.routerGuard())
+     * ```
+     */
+    routerGuard() {
+      if (cachedAuthGuard === null) {
+        cachedAuthGuard = async (to, from, next) => {
+          const { authGuard: authGuard2 } = await Promise.resolve().then(() => router);
+          const guard = authGuard2();
+          cachedAuthGuard = guard;
+          return guard(to, from, next);
+        };
+      }
+      return cachedAuthGuard;
+    },
+    /**
+     * Vue plugin install method
+     * Makes auth available globally as $auth
+     * @example
+     * ```ts
+     * app.use(auth)
+     * ```
+     */
     install(app) {
       app.config.globalProperties.$auth = useAuth();
     }
   };
+  return authInstance;
+}
+function setupAutoRedirect() {
+  if (!eventEmitter || !redirectConfig) return;
+  eventEmitter.on(AuthState.LOGIN, async () => {
+    if (!autoRedirectRouter) {
+      console.warn("[Auth] Auto-redirect enabled but router not set. Call setAuthRouter(router) in your app setup.");
+      return;
+    }
+    const { performRedirect: performRedirect2 } = await Promise.resolve().then(() => redirect);
+    try {
+      await performRedirect2(autoRedirectRouter, redirectConfig);
+    } catch (error) {
+      console.error("[Auth] Auto-redirect error:", error);
+    }
+  });
 }
 function useAuth() {
   if (authApi === null) {
@@ -2180,13 +2276,141 @@ function useAuth() {
 const useAuth$1 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
   __proto__: null,
   createAuth,
+  getRedirectConfig,
   useAuth
 }, Symbol.toStringTag, { value: "Module" }));
+let authInitialized = false;
+function resetAuthState() {
+  authInitialized = false;
+}
+function authGuard() {
+  return async function guard(to, _from, next) {
+    const auth = useAuth();
+    const config = getRedirectConfig();
+    const requiresAuth = to.meta[config.authMetaKey];
+    const requiresNoAuth = config.noAuthRoutes.includes(to.name);
+    try {
+      if (!authInitialized) {
+        await auth.checkAuth();
+        authInitialized = true;
+      }
+      const isAuthenticated = !!auth.user.value;
+      if (isAuthenticated && requiresNoAuth) {
+        next(config.authenticatedRedirect);
+        return;
+      }
+      if (!isAuthenticated && requiresAuth) {
+        const query = buildLoginQuery(to.fullPath, config);
+        next({
+          name: config.loginRoute,
+          query
+        });
+        return;
+      }
+      next();
+    } catch (error) {
+      console.error("[Auth Guard] Error:", error);
+      next();
+    }
+  };
+}
+function composeGuards(guards) {
+  return async (to, from, next) => {
+    let guardIndex = 0;
+    const runNextGuard = async () => {
+      if (guardIndex >= guards.length) {
+        next();
+        return;
+      }
+      const guard = guards[guardIndex];
+      guardIndex++;
+      await guard(to, from, (result) => {
+        if (result !== void 0) {
+          next(result);
+        } else {
+          runNextGuard();
+        }
+      });
+    };
+    await runNextGuard();
+  };
+}
+const router = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
+  __proto__: null,
+  authGuard,
+  composeGuards,
+  resetAuthState
+}, Symbol.toStringTag, { value: "Module" }));
+function createAuthRoutes(config = {}) {
+  const {
+    basePath = "",
+    namePrefix = "",
+    routeNames = {},
+    layout
+  } = config;
+  const createRouteName = (name) => namePrefix ? `${namePrefix}${name}` : name;
+  const routes = [
+    {
+      path: `${basePath}/login`,
+      name: routeNames.login || createRouteName("Login"),
+      component: () => import("./LoginPage-klj1NV4J.js"),
+      meta: { requiresAuth: false }
+    },
+    {
+      path: `${basePath}/signup`,
+      name: routeNames.signup || createRouteName("Signup"),
+      component: () => import("./SignupPage-oUFYApYW.js"),
+      meta: { requiresAuth: false }
+    },
+    {
+      path: `${basePath}/forgot-password`,
+      name: routeNames.forgotPassword || createRouteName("ForgotPassword"),
+      component: () => import("./ForgotPasswordPage-DvttMGb0.js"),
+      meta: { requiresAuth: false }
+    },
+    {
+      path: `${basePath}/reset-password`,
+      name: routeNames.resetPassword || createRouteName("ResetPassword"),
+      component: () => import("./ResetPasswordPage-nvQ4uupb.js"),
+      meta: { requiresAuth: false }
+    },
+    {
+      path: `${basePath}/callback`,
+      name: routeNames.callback || createRouteName("AuthCallback"),
+      component: () => import("./Callback-C-XghN_z.js"),
+      meta: { requiresAuth: false }
+    }
+  ];
+  if (layout) {
+    return [{
+      path: basePath,
+      component: layout,
+      children: routes.map((route) => ({
+        ...route,
+        path: route.path.replace(basePath, "")
+      }))
+    }];
+  }
+  return routes;
+}
+function createAuthGuard(config = {}) {
+  const { redirectTo = "/" } = config;
+  return async (to, _from, next) => {
+    const { useAuth: useAuth2 } = await Promise.resolve().then(() => useAuth$1);
+    const { user } = useAuth2();
+    if (to.meta.requiresAuth === false && user.value) {
+      next(redirectTo);
+    } else {
+      next();
+    }
+  };
+}
 export {
   AuthApi,
   AuthState,
   _sfc_main$4 as Callback,
   DEFAULT_AGENT_ID,
+  DEFAULT_REDIRECT_CONFIG,
   _sfc_main$8 as ForgotPasswordForm,
   _sfc_main$3 as ForgotPasswordPage,
   INTAKE_WORKFLOW_ID,
@@ -2202,13 +2426,22 @@ export {
   _sfc_main as SignupPage,
   StateMismatchError,
   accountToUser,
+  authGuard,
+  buildLoginQuery,
+  composeGuards,
   createAuth,
   createAuthGuard,
   createAuthRoutes,
   getAllSSOProviders,
+  getRedirectConfig,
+  getRedirectUrl,
   getSSOProvider,
   isSupportedProvider,
+  isValidRedirect,
+  normalizeRedirectConfig,
+  performRedirect,
   providers,
+  resetAuthState,
   setAuthContext,
   sso,
   ssoProvidersList,

package/dist/redirect.d.ts

@@ -0,0 +1,21 @@
+import { Router } from 'vue-router';
+import { NormalizedRedirectConfig } from './types/redirect';
+/**
+ * Redirect utilities for handling post-authentication navigation
+ */
+/**
+ * Get redirect URL from current route query params
+ */
+export declare function getRedirectUrl(router: Router, config: NormalizedRedirectConfig): string;
+/**
+ * Validate redirect URL is safe (prevents open redirect attacks)
+ */
+export declare function isValidRedirect(redirectUrl: string, allowedPaths?: RegExp[]): boolean;
+/**
+ * Perform redirect after login with security validation
+ */
+export declare function performRedirect(router: Router, config: NormalizedRedirectConfig): Promise<void>;
+/**
+ * Build query params for redirect to login
+ */
+export declare function buildLoginQuery(currentPath: string, config: NormalizedRedirectConfig): Record<string, string>;

package/dist/router.d.ts

@@ -0,0 +1,36 @@
+import { NavigationGuard, NavigationGuardNext, RouteLocationNormalized } from 'vue-router';
+/**
+ * Reset auth initialization state
+ * Useful for testing or app reload scenarios
+ */
+export declare function resetAuthState(): void;
+/**
+ * Auth guard for Vue Router
+ *
+ * Protects routes requiring authentication and handles redirect logic.
+ * Reads configuration from the auth instance created via createAuth().
+ *
+ * @example
+ * ```ts
+ * const auth = createAuth({
+ *   baseURL: 'https://api.example.com',
+ *   redirect: { ... }
+ * })
+ * router.beforeEach(authGuard())
+ * ```
+ */
+export declare function authGuard(): (to: RouteLocationNormalized, _from: RouteLocationNormalized, next: NavigationGuardNext) => Promise<void>;
+/**
+ * Compose multiple navigation guards into one
+ * Guards are executed in order, stopping at the first one that calls next with a value
+ *
+ * @example
+ * ```ts
+ * router.beforeEach(composeGuards([
+ *   authGuard(),
+ *   orgAccessGuard(),
+ *   featureFlagGuard(),
+ * ]))
+ * ```
+ */
+export declare function composeGuards(guards: NavigationGuard[]): NavigationGuard;

package/dist/types/redirect.d.ts

@@ -0,0 +1,70 @@
+/**
+ * Redirect configuration types for auth library
+ */
+export interface RedirectConfig {
+    /**
+     * Query parameter key used to store the redirect URL
+     * After login, read this param to redirect users back to their intended destination
+     * @default 'redirect'
+     */
+    queryKey?: string;
+    /**
+     * Default fallback URL when no redirect is specified
+     * @default '/'
+     */
+    fallback?: string;
+    /**
+     * Routes that require NO authentication (login, signup, forgot password, etc)
+     * Authenticated users will be automatically redirected away from these pages
+     * @default ['Login', 'Signup', 'ForgotPassword', 'ResetPassword', 'Callback']
+     */
+    noAuthRoutes?: string[];
+    /**
+     * Route name to redirect to when authenticated users try to access auth-only pages
+     * @default '/'
+     */
+    authenticatedRedirect?: string;
+    /**
+     * Route name to redirect to when unauthenticated users try to access protected pages
+     * @default 'Login'
+     */
+    loginRoute?: string;
+    /**
+     * Meta key used to check if a route requires authentication
+     * @default 'auth'
+     * @example In your route: `meta: { auth: true }`
+     */
+    authMetaKey?: string;
+    /**
+     * Enable automatic redirect handling after login
+     * When true, the library automatically redirects users after successful login
+     * @default true
+     */
+    autoRedirect?: boolean;
+    /**
+     * Enable redirect preservation for protected routes
+     * When enabled, the original URL is preserved as a query param after redirecting to login
+     * @default true
+     */
+    preserveRedirect?: boolean;
+    /**
+     * Optional allowed redirect path patterns for security validation
+     * If specified, only URLs matching these patterns will be allowed
+     * @default undefined (allows all internal paths)
+     */
+    allowedPaths?: RegExp[];
+}
+/**
+ * Normalized redirect configuration with all defaults applied
+ */
+export interface NormalizedRedirectConfig extends Required<Omit<RedirectConfig, 'allowedPaths'>> {
+    allowedPaths?: RegExp[];
+}
+/**
+ * Default redirect configuration
+ */
+export declare const DEFAULT_REDIRECT_CONFIG: NormalizedRedirectConfig;
+/**
+ * Normalize redirect configuration by applying defaults
+ */
+export declare function normalizeRedirectConfig(config?: RedirectConfig): NormalizedRedirectConfig;

package/dist/useAuth.d.ts

@@ -1,12 +1,69 @@
 import { App } from 'vue';
 import { AccountInfo, User, NewUser, UpdatePasswordForm, UpdateAccountRequest, AuthEventMap, SSOProvider, SSOInitiateRequest, SSOCallbackRequest, SSOLinkRequest, AuthState } from './types';
+import { RedirectConfig, NormalizedRedirectConfig } from './types/redirect';
 interface InitParams {
     baseURL: string;
+    /**
+     * Redirect configuration for authentication flows
+     * @see RedirectConfig
+     */
+    redirect?: RedirectConfig;
 }
+/**
+ * Get the current redirect configuration
+ * Used internally by router guard
+ */
+export declare function getRedirectConfig(): NormalizedRedirectConfig;
 export declare function createAuth(params: InitParams): {
     on<K extends AuthState>(event: K, handler: AuthEventMap[K]): void;
     off<K extends AuthState>(event: K, handler: AuthEventMap[K]): void;
     removeAllListeners<K extends AuthState>(event?: K): void;
+    /**
+     * Connect external dependencies like Vue Router
+     * Automatically sets up router guard when router is provided
+     * @param dependency - Vue Router instance or other plugins
+     * @param options - Configuration options
+     * @param options.guard - Whether to automatically set up auth guard (default: true)
+     * @example
+     * ```ts
+     * // Auto setup (default)
+     * auth.use(router)
+     *
+     * // Manual guard control (for custom composition)
+     * auth.use(router, { guard: false })
+     * router.beforeEach(async (to, from, next) => {
+     *   // Custom logic first
+     *   if (!hasOrgAccess(to)) return next('/no-access')
+     *   // Then run auth guard
+     *   return auth.routerGuard()(to, from, next)
+     * })
+     * ```
+     */
+    use(dependency: any, options?: {
+        guard?: boolean;
+    }): /*elided*/ any;
+    /**
+     * Create a Vue Router navigation guard for authentication
+     * Protects routes requiring authentication and handles redirect logic
+     * Note: Automatically called by auth.use(router), only use directly for custom setups
+     * @example
+     * ```ts
+     * // Automatic (recommended)
+     * auth.use(router)
+     *
+     * // Manual (for custom setups)
+     * router.beforeEach(auth.routerGuard())
+     * ```
+     */
+    routerGuard(): any;
+    /**
+     * Vue plugin install method
+     * Makes auth available globally as $auth
+     * @example
+     * ```ts
+     * app.use(auth)
+     * ```
+     */
     install(app: App): void;
 };
 export declare function useAuth(): {